Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Invalid packets

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Tue, 29 May 2007 13:47:20 +0800


Robert S. Grimes wrote:
Hi,

What does Wireshark do when it encounters invalid packets?  I'm trying
to develop a driver for an embedded system, and while it is definitely
sending something on the wire (e.g. activity LEDs flashing on board and
network switch), nothing is reported by Wireshark.  It would be nice to
know what it was thinking...

Wireshark will show all the packets it receives though it may tag them as malformed or show them as having an invalid checksum or something like that. But Wireshark will show everything it gets.

PCAP (from tcpdump.org) or WinPcap (winpcap.org), which is what Wireshark uses for capturing, have some rules, but generally they'll send up whatever the interface gives them.

The real question is probably what is the interface giving PCAP and that's probably hardware dependent in the case of bogus packets.

But, you also said "switch" so have you read http://wiki.wireshark.org/CaptureSetup ?